Spiir’s Working With Anonymization, Security & Trust

The Danish company Spiir helps individuals make sense of their financial transactions. Personal financial data is highly valuable at a time when whole industries depend on thorough risk assessments, and because of its role in reducing financial risk, this data is often abused. So how does Spiir treat its users’ personal data?

I spoke with Christian Panton, Spiir developer and privacy activist. Christian’s role is to make sure Spiir users can connect to their banks and get a live view of their bank accounts, and to ensure Spiir has adequate security practices and treats users’ data ethically. During our chat, I found out how Spiir works and how it makes money, but also what role user privacy and digital security play in the development of the service.

What’s Spiir all about?

Spiir’s focus is to empower users by raising awareness of their financial data. According to Christian, it does so through several methods. On one hand, Spiir provides insights into one’s finances when any bank account in the Nordics is connected to the service. Among other things, it is possible to categorize transactions and add side notes. The user is also provided with analytics through graphs that represent the flow of money.

We support users in making smarter financial decisions.

Moreover, a Spiir user can decide to compare their spending with other users who have a similar economy. Finally, Spiir draws attention to irregularities in the individual’s own budget. In this way, the tool works as a fraud buster but can also signal, for example, a monthly subscription that becomes more expensive from one month to the next. On top of the above, Spiir provides its users with offers from Spiir’s partners. One example is the telecom company Plenti, where users get 30 DKK off their phone service subscription. Is this a targeted offer, in which one Spiir user gets a different subscription discount than another? Christian explains:

We estimated how many users we can move on their platform and they gave us the deal. This does not involve giving Plenti the users’ data, but is based on our capacity to send users from Spiir to Plenti. In return, all Spiir users get the same deal.

How does Spiir make money?

In the future, the company plans to extend this model to insurance, mobile telephony, internet, streaming services, and fitness and sports subscription offers. It will move towards a more targeted approach, in which Spiir users get discounts for the products and services they use on a regular basis. Is the platform turning into Facebook Advertising? Christian Panton disagrees:

On Facebook, advertisement is based on weird inferred data, data of which the user might not even be aware. In Spiir’s case, advertisement would be based on real data of existing purchases; the user knows what data the ad is based on and has the option to opt out of the ad (ads are not in place yet). Moreover, while advertisers can choose who we display the ads to, they will never get the users’ data.

Connecting to banks is a business case though. We therefore sell access to the system that connects to banks. Third parties that use our system can be entities like us, that process the data they get access to, but also banks accessing other banks.

Spiir’s business model is, according to Christian, not based on their users’ data. Instead, the company makes money by giving others access to a system developed in house for Spiir’s own use. What happens if the entities using Spiir’s system do not share the same ethical vision of how one’s financial data should be handled? While Spiir might not have control over this aspect, it is one that should be thoroughly considered.

There might be situations where the user thinks sharing their data with 3rd parties is a good idea, and where the data is not used in an adverse way towards the user. In that case, we would be OK with sharing the data based on the explicit and informed consent of the user.

Anonymous, therefore safe?

Spiir allows its users to see graphs of their money flow, to compare expenses with other users who have a similar economy, and it negotiates discounts based on knowledge gathered from the users’ financial data. Data is therefore aggregated for several reasons and in several ways. While none of those reasons include the selling of data (aggregated or not), it is worth discussing how easy it would be to de-anonymize Spiir users’ data. As a reference point, we took the de-anonymization of Netflix users in 2007.

You can go on the app and check how much people spend on pet food. For you to see this, we do an aggregation of all people who have a similar income to yours. If we have enough people, we will show you how much people spend, on average, on pet food. We will not give you data points, just aggregated data. Through aggregation, one can hide the individual in noise, whereas in the case of Netflix we had linked data points. That’s far more dangerous.

In order to protect the anonymity of its data, Spiir makes sure users are not represented by pseudonyms, so that data sets cannot be linked. At the same time, statistical numbers are not released unless the cohort is large enough.

I think the key to data de-anonymization is linkability. 2000 people have shopped in a certain shop – this is fairly easy to anonymize. But if you have a data set where you link individuals by pseudonyms in a large group – this becomes a problem. For instance, if you use 10 shops, 2000 shops and you have a cohort of 2000 people, it becomes much easier to de-anonymize.
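The two safeguards described above, a minimum cohort size before a statistic is released and a check for how linkable pseudonymous records are, as an added example that is not Spiir’s code: the records, the threshold of 5 and the field names are constructed for illustration.

```python
from collections import Counter, defaultdict

# Constructed sample records: (user_id, income_band, category, amount, shop).
# Invented for illustration only; not Spiir data.
RECORDS = [
    ("u1", "mid", "pet food", 120.0, "PetMart"),
    ("u1", "mid", "groceries", 80.0, "Netto"),
    ("u2", "mid", "pet food", 150.0, "PetMart"),
    ("u3", "mid", "pet food", 90.0, "PetMart"),
    ("u4", "mid", "pet food", 210.0, "PetMart"),
    ("u4", "mid", "groceries", 50.0, "Netto"),
    ("u5", "mid", "pet food", 100.0, "PetMart"),
    ("u5", "mid", "groceries", 60.0, "Netto"),
    ("u5", "mid", "gym", 200.0, "FitClub"),
    ("u6", "mid", "pet food", 230.0, "PetMart"),
    ("u7", "high", "pet food", 300.0, "ZooShop"),
    ("u8", "high", "pet food", 250.0, "ZooShop"),
]

MIN_COHORT = 5  # hypothetical release threshold; the article gives no number


def average_spend(records, income_band, category, min_cohort=MIN_COHORT):
    """Average spend per user in the cohort, or None when the cohort is too
    small to release (suppression: only aggregates, never data points)."""
    per_user = defaultdict(float)
    for uid, band, cat, amount, _shop in records:
        if band == income_band and cat == category:
            per_user[uid] += amount
    if len(per_user) < min_cohort:
        return None
    return round(sum(per_user.values()) / len(per_user), 2)


def unique_shop_profiles(records):
    """Number of users whose set of shops is unique in the data set.
    A pseudonymous record with a unique shop profile is the linkable kind of
    data point the interview warns about; a high count means the data set
    should not be released with per-user pseudonyms."""
    shops = defaultdict(set)
    for uid, _band, _cat, _amount, shop in records:
        shops[uid].add(shop)
    profile_counts = Counter(frozenset(s) for s in shops.values())
    return sum(1 for s in shops.values() if profile_counts[frozenset(s)] == 1)


if __name__ == "__main__":
    print("mid / pet food:", average_spend(RECORDS, "mid", "pet food"))
    print("high / pet food:", average_spend(RECORDS, "high", "pet food"))
    print("users with a unique shop profile:", unique_shop_profiles(RECORDS))
```

The "high" cohort has only two users, so its average is suppressed, while u5 is the one user whose combination of shops singles them out.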

Security

In terms of security, Spiir places the topic at the core of its business. Unlike a marketing-minded founder, Spiir’s founders have technical backgrounds, which built a high level of security awareness into the company’s culture – all the way up to management and the board. Data is hosted on Microsoft Azure, and the solutions are audited through pentesting by the banks’ favourite auditing firm. The infrastructure is also designed to minimize security risks:

We ask users for their pin code to their mobile bank in order to synchronize. We make sure that this type of information is very difficult to get to, technically speaking. We physically separate the place where the data is stored and where it is operated. And where it’s stored, it cannot be read. We use a lot of encryption and best practices that make sure the encryption also works in reality.

On top of technical measures, Spiir takes the human factor into account and ensures safeguards at the organizational level as well. The number of employees with root access is kept to a minimum, keys and passwords are reset regularly, and the team makes sure multi-factor logins are in place – including at the hardware level. Moreover, if a user needs customer support, they can grant access to their data and later open an “Access Log” that displays the name of the employee who accessed their data and the time at which it was accessed.

Trust

Such features are a good example of transparency and help build trust between a service and its users. Spiir is aware that an ethical approach to its users’ data feeds the trust it has been carefully building over the years.

If we were a large corporation and we’d have a breach, we’d probably survive. But if Spiir has a breach, trust is lost. And trust is all we have. We’ve been working from the beginning to ensure and earn the trust of our users and we know that with lost data comes lost trust.